
sep NTP logs

Created: 04 Sep 2013 • Updated: 04 Sep 2013 | 5 comments
This issue has been solved. See solution.

Hello Symantec team.
Today I just checked the NTP logs and found historical IP & remote IP and some more attack logs there.
I would like to tell you that I am using SEP 12.1.3.

Can you guys help me and tell me what it is?


.Brian's picture

See Rafeeq's comment for full explanation

https://www-secure.symantec.com/connect/forums/cur...

Per Rafeeq:

"Current IP Address

This is the IP address the client has now (or had at the last time it talked to SEPM). 

Historical IP Address

This is the IP address the client had when the attack occurred. 

Remote Host IP

This is the IP address of the other guy (usually the guy who attacked this system)"

Please click the "Mark as solution" link at bottom left on the post that best answers your question. This will benefit admins looking for a solution to the same problem.

SOLUTION
Jwelina's picture

Hello SRT1, agreed with the above comments.

I would like to tell you that the meaning of Historical IP Address is:

This is the IP address the client had when the attack occurred.

And the meaning of Remote Host IP is:

This is the IP address of the other guy (usually the one who attacked this system)

Please have a look at Rafeeq's post in the article below.


https://www-secure.symantec.com/connect/forums/current-ip-historical-ip-remote-ip-address-ntp-attack-logs-sepm-121#comment-8903051

Mithun Sanghavi's picture

Hello,

So, you want to know more about the NTP logs and what they capture, correct?

Secondly, have you turned on the Risk Tracer?

You are correct, that is what Rafeeq states in the thread below:

https://www-secure.symantec.com/connect/forums/current-ip-historical-ip-remote-ip-address-ntp-attack-logs-sepm-121

 

Mithun Sanghavi
Senior Consultant
MIM | MCSA | MCTS | STS | SSE | SSE+ | ITIL v3

Don't forget to mark your thread as 'SOLVED' with the answer that best helped you.

pete_4u2002's picture

Historical IP Address: This is the IP address the client had when the attack occurred.